Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
JR0ch17
January 25, 2022
Technology
62
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
190
Getting Started in Bug Bounty
jr0ch17
0
180
Getting Blindly Lucky
jr0ch17
0
110
Qu'est-ce que le bug bounty?
jr0ch17
0
170
Finding 5 bugs in a single parameter
jr0ch17
0
130
Beyond the Borders of Scope
jr0ch17
1
110
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
410
ヘルスケア領域における AI 活用と その安全性担保のための取り組み (Leveraging AI in Healthcare and Our Efforts to Ensure Its Safety) - Google I/O Extended Tokyo 2026, July 11, 2026
zettaittenani
0
280
Oracle Exadata Database Service on Cloud@Customer X11M (ExaDB-C@C) サービス概要
oracle4engineer
PRO
2
8.4k
Claude Code公式skillで 自分の仕事を少しずつ手放そう!(Claude Code開発ノウハウ大公開スペシャル by クラスメソッド)
kaym
1
290
10年目を迎えた「ABEMA」がどのように AI 活用を推進して、AI 駆動開発にシフトしているのか / How ABEMA, entering its 10th year, is promoting the use of AI and shifting toward AI-driven development
miyukki
0
130
型は壁、Rustでもバグを直すな、表現できなくせよ
nwiizo
13
2k
最適な自走を最小限の支援で — M&Aで拡大する組織で少人数SREが挑んだ1年 / SRE NEXT 2026
genda
0
1.1k
【Claude Code】鹿野さんに聞く 私の推しの並行開発環境 大公開 / claude-code-parallel-2026-07-15
tonkotsuboy_com
11
6.9k
穢れた技術選定について
watany
3
350
cccccc
moznion
0
1.9k
kintone の AI コワーカーを、 Anthropic にエージェントを"ホストさせて"作った話 #devkinmeetup
sugimomoto
0
100
インフラ寄りSREでも 開発に踏み出せる〜境界を越えてユーザー体験に向き合いたい〜
sansantech
PRO
2
3.7k
Featured
See All Featured
Building Adaptive Systems
keathley
44
3.1k
Skip the Path - Find Your Career Trail
mkilby
1
160
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
1
410
Scaling GitHub
holman
464
140k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.8k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
How to build a perfect <img>
jonoalderson
1
5.8k
HDC tutorial
michielstock
2
740
Game over? The fight for quality and originality in the time of robots
wayneb77
1
220
Introduction to Domain-Driven Design and Collaborative software design
baasie
1
890
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.6k
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
260
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and